AMENDMENTS TO THE CLAIMS 



Please amend the claims as indicated in the complete listing of claims listed below. 
This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (Currently Amended) A cryptographic method, including:
    generating, at a first entity, a first public key M_B, the first entity having a first password P_B and the first public key M_B being session specific;
    receiving, at the first entity, a second public key M_A, the second public key M_A being session specific;
    generating, at [[a]] the first entity, a first session key K_B based on [[a]] the second public key M_A, the first public key M_B to be used at a second entity to derive the first session key, wherein the first session key K_B is independent of the first password P_B;
    encrypting, at the first entity, a first random nonce N_B using at least [[a]] the first password P_B and [[a first]] the second public key [[M_B]] M_A to obtain an encrypted random nonce[[, the first public key M_B and the second public key M_A being session specific, the first public key M_B to be used at a second entity to derive the first session key]];
    transmitting the encrypted random nonce from the first entity to the second entity;
    receiving a response to the encrypted random nonce; and
    authenticating through determining whether the response includes a correct modification of the first random nonce.
2. (Currently Amended) The method of claim 1 wherein said encrypting the first random nonce N_B includes:
    generating a first secret S_B from at least the first password P_B and the first public key M_B; and
    encrypting the first random nonce N_B using at least the first secret S_B and the first session key K_B;
    wherein the first secret S_B and the first session key K_B are different.

3. (Currently Amended) The method of [[claim 2 wherein said authenticating includes: checking whether a received modification of the first random nonce equals a modification of the first random nonce as applied to the first random nonce by the first entity.]] claim 1 wherein said encrypting the first random nonce N_B includes:
    encrypting the first random nonce N_B using at least the first password P_B and the first session key K_B.

4. (Currently Amended) The method of [[claim 2]] claim 1 wherein said authenticating includes:
    checking whether a received modification of the first random nonce less a modification thereof as applied thereto by the first entity equals the first random nonce.

5. (Currently Amended) The method of [[claim 2]] claim 1 wherein generating the first session key K_B includes:
    generating a first random number R_B, and
    computing the first session key K_B from the second public key M_A raised to the exponential power of the first random number R_B, modulo a parameter B_B.

App. No.: 09/918,602                    -3-                    Atty. Docket No.: 04860.P2441

6. (Previously Presented) The method of claim 2 wherein the first secret S_B is generated using a combining function f_B on at least the first password P_B and the first public key M_B.

7. (Previously Presented) The method of claim 6 wherein the first secret S_B is generated using the combining function f_B on the first password P_B and the second public key M_A and the first public key M_B.

8. (Previously Presented) The method of claim 2 wherein said generating the first secret S_B includes:
    combining the second public key M_A and the first public key M_B with the first password P_B to produce a first result, and
    hashing the first result with a secure hash.

9. (Original) The method of claim 8 wherein the secure hash is a one-way hash function.

10. (Original) The method of claim 9 wherein the one-way hash function is one of the Secure Hash Algorithm, the Message Digest 5, Snefru, Nippon Telephone and Telegraph Hash, and the Gosudarstvennyi Standard.
11. (Previously Presented) The method of claim 2 wherein said generating the first secret S_B includes:
    combining the first password P_B and at least one of the second public key M_A and the first public key M_B to generate a first combined result, and
    combining the first combined result and at least one of the second public key M_A, the first password P_B, and the first public key M_B to generate a second combined result.

12. (Currently Amended) The method of [[claim 2]] claim 1 wherein the first random nonce N_B is encrypted using a symmetrical encryption algorithm.

13. (Original) The method of claim 12, wherein the symmetrical encryption 
algorithm is one of the Data Encryption Standard and the block cipher CAST. 

14. (Previously Presented) The method of claim 2 wherein encrypting the first random nonce N_B includes superencrypting the first random nonce N_B.

15. (Previously Presented) The method of claim 14, wherein superencrypting the first random nonce N_B includes:
    encrypting the first random nonce N_B with the first secret S_B to produce the first encrypted result; and
    encrypting the first encrypted result using the first session key K_B.

16. (Currently Amended) The method of [[claim 2 wherein said transmitting the encrypted random nonce from the first entity includes: transmitting to the second entity the first public key M_B to establish the session key at the second entity; and]] claim 15 wherein said authenticating includes:
    decrypting the response using the first session key K_B to generate a first decrypted result; and
    decrypting the first decrypted result using the first secret S_B.

17. (Currently Amended) The method of claim 2, wherein the response includes a combination of a second random nonce N_A and a modification of the first random nonce; and wherein the method further includes:
    extracting the second random nonce N_A from the response;
    modifying the second random nonce N_A to obtain a modified second random nonce;
    encrypting the modified second random nonce using [[the first session key K_B]] and the first secret S_B and the second public key M_A to obtain an encrypted package; and
    transmitting the encrypted package from the first entity.

18. (Previously Presented) The method of claim 17 wherein said encrypting the modified second random nonce includes:
    generating a string of random bits I_B;
    encrypting a combination of the string of random bits I_B and the modified second random nonce using the first secret S_B to generate a first result; and
    encrypting the first result using the first session key K_B.

19. (Previously Presented) The method of claim 17 wherein the encrypted package is transmitted for authentication of the first entity in opening a two-way communication channel.

20. (Currently Amended) A computer readable storage medium containing executable computer program instructions which, when executed, cause a first computer system to perform a cryptographic method including:
    generating, at the first computer system, a first public key M_B, the first computer system having a first password P_B and the first public key M_B being session specific;
    receiving, at the first computer system, a second public key M_A, the second public key M_A being session specific;
    generating, at the first computer system, a first session key K_B based on [[a]] the second public key M_A, the first public key M_B to be used at a second computer system to derive the first session key, wherein the first session key K_B is independent of the first password P_B;
    encrypting, at the first computer system, a first random nonce N_B using at least [[a]] the first password P_B and [[a first]] the second public key [[M_B]] M_A to obtain an encrypted random nonce[[, the first public key M_B and the second public key M_A being session specific, the first public key M_B to be used at a second computer system to derive the first session key]];
    transmitting the encrypted random nonce from the first computer system to the second computer system; and
    authenticating through determining whether a response to the encrypted random nonce includes a correct modification of the first random nonce.
21. (Currently Amended) A distributed readable storage medium containing executable computer program instructions which, when executed, cause a first computer system and a second computer system to perform a computer cryptographic method through a network, the method comprising:
    generating at the first computer system a first public key M_B, the first computer system having a first password P_B, and the first public key M_B being session specific;
    generating at the second computer system a second public key M_A, the second computer system having the first password P_B, and the second public key M_A being session specific;
    receiving at the first computer system [[a]] the second public key M_A;
    generating at the first computer system a [[first]] session key K_B based on the second public key M_A;
    generating at the first computer system a first random nonce N_B;
    encrypting at the first computer system the first random nonce N_B using at least [[a]] the first password P_B and [[a first]] the second public key [[M_B]] M_A to obtain an encrypted random nonce[[, the first public key M_B and the second public key M_A being session specific, the first public key M_B to be used at the second computer system to derive the first session key]];
    transmitting the encrypted random nonce and the first public key M_B from the first computer system to the second computer system to establish the session key at the second computer system;
    receiving at the first computer system from the second computer system a response to the encrypted random nonce; and
    authenticating the second computer system at the first computer system through determining whether the response includes a correct modification of the first random nonce.

22. (Currently Amended) A computer system for performing a cryptographic method through a network, the computer system comprising:
    a processor;
    a network interface coupled to the network and coupled to the processor, the network interface to receive a request including information on a user identification; and
    a storage device coupled to the processor, the storage device to store a user password corresponding to the user identification, and wherein the processor is to perform a method, including:
        receiving a second public key M_A through the network interface, the second public key M_A being session specific;
        generating a first session key K_B based on the second public key M_A;
        generating a first public key M_B, the first public key M_B being session specific and the first public key M_B to be used at a further computer system coupled to the network to derive the first session key;
        generating a first random nonce N_B;
        encrypting the first random nonce N_B using at least the user password and [[a first]] the second public key [[M_B]] M_A to obtain an encrypted random nonce[[, the first public key M_B and the second public key M_A being session specific, the first public key M_B to be used at a further computer system coupled to the network to derive the first session key]];
        transmitting the encrypted random nonce and the first public key M_B through the network interface;
        authenticating through determining whether a response to the encrypted random nonce includes a correct modification of the first random nonce.

23. (Previously Presented) The computer system of claim 22 wherein the network is a network operating according to a hypertext transfer protocol; and the first public key M_B is transmitted with the encrypted random nonce for session key exchange.

24. (Currently Amended) A cryptographic method, comprising:
    receiving at a first entity a second public key M_A and an encrypted second random number, the first entity having a first password P_B;
    generating a first session key K_B based on the second public key M_A, wherein the first session key K_B is independent of the first password P_B;
    decrypting, using at least [[a]] the first password P_B and [[the second public key M_A]] the first session key K_B, to retrieve a second random number N_A from the encrypted second random number;
    modifying the second random number N_A to obtain a modified second random number;
    encrypting the modified second random number using at least the first password P_B and [[a first public key M_B]] the first session key K_B to obtain an encrypted random package; and
    transmitting the encrypted random package from the first entity.

25. (Currently Amended) The method of claim 24, wherein said decrypting includes:
    decrypting the encrypted second random number using the first session key K_B to generate a first decrypted result; and
    decrypting the first decrypted result using at least the first password P_B [[and the second public key M_A]].

26. (Previously Presented) The method of claim 24 wherein said generating the first session key K_B includes:
    generating a first random number R_B, and
    computing the first session key K_B from the second public key M_A raised to the exponential power of the first random number R_B, modulo a parameter B_B.

27. (Currently Amended) The method of claim 24 wherein said decrypting further includes:
    generating at the first entity a first public key M_B; and
    generating a first secret S_B using a combining function f_B on at least the first password P_B and the [[second]] first public key [[M_A]] M_B.

28. (Currently Amended) The method of claim 27 wherein [[the first secret S_B is generated using the combining f_B on the first password P_B and on the second public key M_A and the first public key M_B]] said decrypting includes decrypting the encrypted second random number using at least the first secret S_B and the first session key K_B.

29. (Currently Amended) The method of [[claim 28]] claim 27 wherein said generating the first secret S_B includes:
    combining [[the second public key M_A and]] the first public key M_B with the first password P_B to produce a first result, and
    hashing the first result with a secure hash.

30. (Original) The method of claim 29 wherein the secure hash is a one-way hash function.

31. (Original) The method of claim 30 wherein the one-way hash function is one of the Secure Hash Algorithm, the Message Digest 5, Snefru, Nippon Telephone and Telegraph Hash, and the Gosudarstvennyi Standard.

32. (Currently Amended) The method of claim 27 wherein said generating the first secret S_B includes:
    combining the first password P_B and [[at least one of the second public key M_A]] and the first public key M_B to generate a first combined result, and
    combining the first combined result and at least one of the second public key M_A, the first password P_B, and the first public key M_B to generate [[a second combined result]] the first secret S_B.

33. (Previously Presented) The method of claim 24, wherein said encrypting the modified second random number includes superencrypting the modified second random number.

34. (Previously Presented) The method of claim 24, further including:
    generating a first random number N_B; and
    wherein said encrypting the modified second random number includes:
    encrypting a combination of the first random number N_B and the modified second random number.

35. (Previously Presented) The method of claim 34 which further includes:
    receiving at the first entity a response to the encrypted random package;
    decrypting the response to obtain a combination of a string of random bits and a modified first random nonce; and
    retrieving the modified first random nonce from the combination of the string of random bits and the modified first random nonce;
    determining whether the modified first random nonce was correctly modified from the first random number N_B.

36. (Previously Presented) The method of claim 35 wherein said determining whether the modified first random nonce was correctly modified includes:
    checking whether the modified first random nonce equals a modification of the first random nonce as applied to the first random nonce by the first entity.

37. (Previously Presented) The method of claim 35 wherein said determining whether the modified first random nonce was correctly modified includes:
    checking whether the modified first random nonce less a modification thereof as applied thereto by the first entity equals the first random nonce.

38. (Currently Amended) A computer readable storage medium containing executable computer program instructions which, when executed, cause a first computer system to perform a cryptographic method including:
    receiving at the first computer system a second public key M_A and an encrypted second random number;
    generating a first session key K_B based on the second public key M_A;
    decrypting, using at least a first password P_B and [[the second public key M_A]] the first session key K_B, to retrieve the second random number N_A from the encrypted second random number;
    modifying the second random number N_A to obtain a modified second random number;
    encrypting the modified second random number using at least the first password P_B and [[a first public key M_B]] the first session key K_B to obtain an encrypted random package;
    transmitting the encrypted random package from the first computer system for authentication.

39. (Currently Amended) A distributed readable storage medium containing executable computer program instructions which, when executed, cause a first computer system and a second computer system to perform a cryptographic method through a network, the method including:
    receiving, from the second computer system and at the first computer system, a second public key M_A and an encrypted second random number;
    generating a first session key K_B based on the second public key M_A;
    decrypting, using at least a first password P_B and [[the second public key M_A]] the first session key K_B, to retrieve a second random number N_A from the encrypted second random number;
    modifying the second random number N_A to obtain a modified second random number;
    encrypting the modified second random number using at least the first password P_B and [[a first public key M_B]] the first session key K_B to obtain an encrypted random package;
    transmitting the encrypted random package from the first computer system to the second computer system.

40. (Currently Amended) A computer system for performing a cryptographic method through a network, the computer system comprising:
    a processor;
    a network interface coupled to the network and coupled to the processor, the network interface to receive a request including information on a user identification; and
    a storage device coupled to the processor, the storage device to store a user password associated with the user identification, and wherein the processor is to perform a method, including:
        generating a first public key M_B;
        receiving a second public key M_A and an encrypted second random number through the network interface;
        generating a first session key K_B based on the second public key M_A;
        decrypting, using at least a first password P_B and [[the second public key M_A]] the first session key K_B, to retrieve the second random number N_A from the encrypted second random number;
        modifying the second random number N_A to obtain a modified second random number;
        encrypting the modified second random number using at least the first password P_B and [[a first public key M_B]] the first session key K_B to obtain an encrypted random package;
        transmitting the encrypted random package through the network interface.

41. (Previously Presented) The computer system of claim 40 wherein the network is a network operating according to a hypertext transfer protocol; and the first public key M_B is transmitted for session key exchange before the encrypted second random number is received.
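The exchange the claims describe, carried through end to end as an added worked example; this is editor-written illustration code, not code from the application or its assignee. Party B plays the "first entity" of claims 1-19 (session-specific M_B, session key K_B = M_A^R_B mod parameter, secret S_B as a one-way hash over M_A, M_B and P_B, the nonce N_B superencrypted under S_B then K_B), and Party A plays the "first entity" of claims 24-37 (decrypts with K_B then the password-derived secret, answers with N_A and the modified N_B, checks the modified N_A that comes back with random bits I_B). Everything the claims leave open is an assumption here: the modular parameter (the RFC 2409 1024-bit MODP prime with generator 2), reducing the modular result to a cipher key by hashing, SHA-256 as the one-way hash, "modification" meaning add one, and a SHA-256 keystream XOR as a stand-in for the DES/CAST symmetric cipher of claim 13 so the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets

# Assumed DH group: RFC 2409 1024-bit MODP prime, generator 2. The claims say only
# "modulo a parameter"; any prime-order group would do for the protocol logic.
P_MOD = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
NONCE_LEN = 16  # bytes in N_A, N_B and the random bits I_B (assumption)


def _i2b(n):
    return n.to_bytes((P_MOD.bit_length() + 7) // 8, "big")


def dh_keypair():
    """Session-specific exponent R and public key M = G^R mod P (claims 5, 26)."""
    r = secrets.randbelow(P_MOD - 3) + 2
    return r, pow(G, r, P_MOD)


def session_key(peer_public, own_private):
    """K = M_peer^R mod P, hashed to a 32-byte cipher key (hashing is an assumption)."""
    return hashlib.sha256(_i2b(pow(peer_public, own_private, P_MOD))).digest()


def combine_secret(m_a, m_b, password):
    """S = one-way hash over (M_A, M_B, password) (claims 8-10); S != K (claim 2)."""
    return hashlib.sha256(_i2b(m_a) + _i2b(m_b) + password.encode()).digest()


def xor_cipher(key, msg_no, data):
    """Stand-in symmetric cipher (claim 12): SHA-256(key, message number, block
    offset) keystream XOR. msg_no keeps keystream from repeating across the three
    messages sent under one key; decryption is the same call. A real deployment
    would use the block cipher of claim 13 or a modern authenticated cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        stream = hashlib.sha256(key + bytes([msg_no]) + off.to_bytes(4, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[off:off + 32], stream))
    return bytes(out)


def modify(nonce):
    """The 'correct modification': add one mod 2^128, so it can be subtracted back
    as claims 4 and 37 require (the exact modification is an assumption)."""
    value = (int.from_bytes(nonce, "big") + 1) % (1 << (8 * NONCE_LEN))
    return value.to_bytes(NONCE_LEN, "big")


class PartyB:
    """The 'first entity' of claims 1-19: opens the exchange."""

    def __init__(self, password):
        self.password = password
        self.r_b, self.m_b = dh_keypair()

    def open(self, m_a):
        self.k_b = session_key(m_a, self.r_b)                  # claim 5
        self.s_b = combine_secret(m_a, self.m_b, self.password)  # claim 8
        self.n_b = secrets.token_bytes(NONCE_LEN)
        # Claim 15: superencrypt N_B under S_B, then under K_B; send with M_B (claim 21).
        return self.m_b, xor_cipher(self.k_b, 1, xor_cipher(self.s_b, 1, self.n_b))

    def authenticate(self, response):
        # Claim 16: peel K_B, then S_B. Response = N_A || modified N_B (claim 17).
        plain = xor_cipher(self.s_b, 2, xor_cipher(self.k_b, 2, response))
        n_a, mod_n_b = plain[:NONCE_LEN], plain[NONCE_LEN:]
        if not hmac.compare_digest(mod_n_b, modify(self.n_b)):
            return None  # claim 1: no correct modification, peer not authenticated
        # Claim 18: I_B || modified N_A, encrypted under S_B then K_B.
        i_b = secrets.token_bytes(NONCE_LEN)
        return xor_cipher(self.k_b, 3, xor_cipher(self.s_b, 3, i_b + modify(n_a)))


class PartyA:
    """The 'first entity' of claims 24-37: answers using the shared password."""

    def __init__(self, password):
        self.password = password
        self.r_a, self.m_a = dh_keypair()

    def respond(self, m_b, encrypted_n_b):
        self.k = session_key(m_b, self.r_a)                    # equals B's K_B
        self.s = combine_secret(self.m_a, m_b, self.password)  # claims 27-29
        n_b = xor_cipher(self.s, 1, xor_cipher(self.k, 1, encrypted_n_b))  # claim 25
        self.n_a = secrets.token_bytes(NONCE_LEN)
        # Claims 33-34: N_A || modified N_B, superencrypted.
        return xor_cipher(self.k, 2, xor_cipher(self.s, 2, self.n_a + modify(n_b)))

    def verify(self, package):
        # Claims 35-36: strip the random bits, compare the modified N_A.
        plain = xor_cipher(self.s, 3, xor_cipher(self.k, 3, package))
        return hmac.compare_digest(plain[NONCE_LEN:], modify(self.n_a))


def run_protocol(password_a, password_b):
    """Returns (B authenticated A, A authenticated B); M_A is assumed sent first."""
    a, b = PartyA(password_a), PartyB(password_b)
    m_b, enc_n_b = b.open(a.m_a)
    package = b.authenticate(a.respond(m_b, enc_n_b))
    if package is None:
        return False, False
    return True, a.verify(package)


if __name__ == "__main__":
    print(run_protocol("correct horse", "correct horse"))  # (True, True)
    print(run_protocol("correct horse", "wrong guess"))    # (False, False)
```

Two points the run makes visible that the claims state only in words: the session key K_B is the same on both sides although neither side ever used the password to derive it (claim 1, "independent of the first password"), and a party holding the wrong password produces a nonce modification that fails the check in claim 1 without the password itself ever crossing the wire.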